io.jsonwebtoken.ExpiredJwtException: JWT expired: what it means and how to fix it
TL;DR: Validate locally, fix the first real error, validate again (no upload).
Fix io.jsonwebtoken.ExpiredJwtException: JWT expired by decoding safely and locally (no upload).
What the error means
io.jsonwebtoken.ExpiredJwtException: JWT expired means a decoder rejected the input as invalid encoding. The fastest path is to identify what format you have, normalize it, then decode again.
Most common real-world causes
- JWT problems are often: not 3 segments, wrong key/algorithm, or option mismatch (aud/iss/sub).
- The input is not actually encoded in the expected format (Base64 vs Base64URL vs plain text).
- You copied only part of the string (truncated token/payload).
- Whitespace/newlines were introduced during copy/paste.
- Wrong character set: URL-safe Base64 uses '-' and '_' instead of '+' and '/'.
- You decoded using the wrong function (decodeURIComponent on non-URL-encoded data, atob on non-Base64).
Fast debugging steps
- If you see a JWT library error, decode the token parts first to confirm structure and claims.
- Confirm what you are decoding (URL encoding, Base64, Base64URL, JWT).
- Trim whitespace and remove line breaks before decoding.
- If it's a JWT, ensure it has 3 dot-separated parts (header.payload.signature).
- If it's Base64URL, convert '-' -> '+' and '_' -> '/' and add padding if needed.
Code example (java)
import java.util.Base64;
String[] parts = token.split("\\.");
if (parts.length != 3) throw new RuntimeException("JWT must have 3 segments");
String headerJson = new String(Base64.getUrlDecoder().decode(parts[0]));
String payloadJson = new String(Base64.getUrlDecoder().decode(parts[1]));
System.out.println("header=" + headerJson);
System.out.println("payload=" + payloadJson);
// Signature verification requires the signing key (public/secret).Fix without uploading data
Encoded strings often contain secrets (tokens, IDs). Decode locally and share only redacted snippets.
- URL Encode/Decode for percent-encoding.
- Base64 Encode/Decode for Base64/Base64URL payloads.
- JWT Decoder to inspect header/payload without uploads.
FAQ
Is Base64 the same as Base64URL? No. Base64URL uses '-' and '_' and often omits padding. Normalize before decoding.
Does decoding a JWT verify it? No. Decoding shows claims; verification requires the signing key.
Related tools
Related guides
Privacy & Security
All processing happens locally in your browser. Files are never uploaded.
Related by intent
Useful follow-up pages selected from real search impressions and no-click opportunities.
No-click fix: java jjwt unsupportedjwtexception unsupported jwtNo-click fix: java jjwt signatureexception signature does not matchNo-click fix: java base64url no paddingRelated fix: neighbor java json unexpected token backslash pos 0 checklists enterprise rolloutRelated fix: neighbor java csharp stj could not be converted system int32 user id runbooks data importRelated fix: neighbor java csharp stj could not be converted system string items 0 runbooks data importRelated fix: neighbor java winner node base64url vs base64 runbooks webhooks checklists enterprise rollouRelated fix: neighbor java go json cannot unmarshal string into field token type string runbooks data imp
Related by winning cluster
Linked from a winner family to push crawl and first-impression conversion.
Open cluster hubneighbor csharp csharp newtonsoft error converting 123 system int64 items 0 id workflows analytics pipelineneighbor csharp csharp newtonsoft error converting false system int64 items 0 id workflows api gatewayneighbor csharp csharp newtonsoft error converting true system int64 items 0 id checklists analytics pipelineneighbor csharp csharp newtonsoft error converting true system int64 value workflows webhooksneighbor csharp csharp stj could not be converted system int32 id workflows api gatewayneighbor csharp csharp newtonsoft error converting 123 45 system guid items 0 id workflows webhooksneighbor csharp csharp newtonsoft error converting nan system datetime user id workflows analytics pipelineneighbor csharp csharp newtonsoft error converting null system decimal items 0 id checklists analytics pipeline
Quick fix checklist
- Reproduce the error on a minimal input.
- Check type/format and field mapping.
- Apply the smallest safe fix.
- Validate on production-like payload.
Next pages to check
Closest crawled pages without impressions yet. Added to speed first-impression conversion.
neighbor java go json cannot unmarshal string into field payload user type string runbooneighbor java go json cannot unmarshal string into field user createdat type time time wneighbor java winner compare csharp csharp newtonsoft error converting infinity system ineighbor java winner compare csharp csharp newtonsoft error converting null system datetneighbor csharp csharp stj could not be converted system int32 items 0 id checklists ananeighbor csharp csharp stj could not be converted system int32 items 0 id checklists edgneighbor csharp csharp stj could not be converted system int32 items 0 id workflows enteneighbor csharp csharp stj could not be converted system int32 user id checklists analytneighbor csharp go json cannot unmarshal bool into field user id type int troubleshootinneighbor python go json cannot unmarshal string into field payload user type string runbneighbor java csharp stj could not be converted system int32 user id runbooks data imporneighbor java go json cannot unmarshal string into field payload items type string workfneighbor csharp csharp newtonsoft error converting 123 system guid user id runbooks analneighbor csharp csharp newtonsoft error converting 123 system guid user id workflows ananeighbor csharp csharp newtonsoft error converting 123 system guid user id workflows apineighbor csharp csharp newtonsoft error converting 123 system guid user id workflows webneighbor csharp csharp newtonsoft error converting 123 system int32 user id workflows apneighbor csharp csharp newtonsoft error converting 123 system int32 user id workflows da